The end of the password is near. The brains at Google are experimenting with new authentication technologies for email, but it's not just our email that needs saving. Passwords everywhere don't work. The most optimistic thinking goes that with every new massive account info hack, companies will start adopting better technologies for protecting our user data, until one day the password is as much a relic as the floppy disk. For a look into what will come next, The Atlantic Wire spoke with security experts and analysts and the future without passwords involves a lot more passwords than we expected.

It Will Still Involve Passwords...

Despite Mat Honan's strong assertion in Wired last year that "the age of the password has come to an end," pretty much everyone we spoke with doubted that the password would disappear forever. The password will live. It just won't be the only means of security. "Most people will move away from relying on passwords as the only means of authentication," said Jeremy Grant, who heads The National Strategy for Trusted Identities in Cyberspace, a government organization working to advance the password ecosystem beyond passwords.

Rather, in the future, the password will be part of the security "constellation," as Forrester analyst Eve Maler put it. For the most important gateways to our lives, like email accounts, Google's 2-step authentication, which The Atlantic's James Fallows is a vocal proponent, combines a password and an ever-changing code sent via-text. The second aspect might look an awful lot like a password—Google texts a string of characters, for example. Or it might entail something more personalized, depending on the type of information we're trying to protect. But the password will still be in the mix.

While hacks loom, any extra steps means more of a burden for the user. Yes, having to go upstairs to get your phone is more annoying than remember 25 passwords. That hassle will never be worth it for certains things. Also, because of that perceived annoyance, it might take awhile for the multi-step thing to catch on, unless companies mandate it.

FROM OUR SPONSORS

sponsored

JOIN THE DISCUSSION

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has
no obligation to), it reserves the right to delete, edit, or move any material that it deems to
be in violation of this rule.

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

Data-Centric Security vs. Database-Level Security

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.